From a1bb1ab41956ef020cfa3153fbc19b30280e0f4e Mon Sep 17 00:00:00 2001
From: amdeleine bydney
Date: Tue, 5 Aug 2025 21:56:48 +0000
Subject: [PATCH] feat(fruitbook): init
---
hosts/fruitbook/configuration.nix | 161 ++++++++++++++++++++++++++++++
hosts/fruitbook/disks.nix | 73 ++++++++++++++
hosts/fruitbook/filesystems.nix | 20 ++++
hosts/fruitbook/hardware.nix | 28 ++++++
hosts/fruitbook/system.nix | 1 +
modules/nixos/wifi.nix | 13 +++
public-keys/ssh/msyds.pub | 1 +
users/crumb/default.nix | 2 +-
users/crumb/files.nix | 20 ++--
9 files changed, 312 insertions(+), 7 deletions(-)
create mode 100644 hosts/fruitbook/configuration.nix
create mode 100755 hosts/fruitbook/disks.nix
create mode 100644 hosts/fruitbook/filesystems.nix
create mode 100755 hosts/fruitbook/hardware.nix
create mode 100755 hosts/fruitbook/system.nix
create mode 100644 modules/nixos/wifi.nix
create mode 100644 public-keys/ssh/msyds.pub
diff --git a/hosts/fruitbook/configuration.nix b/hosts/fruitbook/configuration.nix
new file mode 100644
index 0000000..17f6c4d
--- /dev/null
+++ b/hosts/fruitbook/configuration.nix
@@ -0,0 +1,161 @@
+{ config, pkgs, lib, disko, sydnix-cli, ... }:
+
+{
+ imports = [
+ ./hardware.nix
+ ./filesystems.nix
+ ];
+
+ sydnix = {
+ filesystemType = "btrfs";
+ wifi.enable = true;
+ stylix.enable = true;
+ niri.enable = true;
+ users.users = [
+ "crumb"
+ ];
+
+ impermanence = {
+ enable = true;
+ directories = [
+ # "Warning: Neither /var/lib/nixos nor any of its parents are persisted.
+ # This means all users/groups without specified uids/gids will have them
+ # reassigned on reboot."
+ "/var/lib/nixos"
+ # We don't want to have different ssh keys on reboot, because ssh keys
+ # are expected to consistently identify machines... I think. I mostly
+ # just think it's annoying to edit ~/.ssh/known_hosts all the time.
+ "/etc/ssh"
+ ];
+ rollback = {
+ enable = true;
+ device = "/dev/disk/by-id/ata-APPLE_SSD_SM0512G_S29ANYAH526520-part5";
+ subvolume = "rootfs";
+ };
+ };
+ };
+
+ services.displayManager.sddm = {
+ enable = true;
+ wayland.enable = true;
+ autoNumlock = true;
+ };
+
+ services.libinput = {
+ enable = true;
+ # Disable mouse acceleration.
+ mouse.accelProfile = "flat";
+ # Sensitivity.
+ mouse.accelSpeed = "-0.5";
+ };
+
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ # Pulseaudio compatibility layer.
+ pulse.enable = true;
+ wireplumber.enable = true;
+ };
+
+ # Ensure pipewire processes get realtime priority.
+ security.rtkit.enable = true;
+
+ # services.xserver.desktopManager.plasma5.enable = true;
+
+ # Disable systemd-sleep. Let KDE or whatever dim the screen without
+ # suspending the computer.
+ systemd.sleep.extraConfig = ''
+ AllowSuspend=no
+ AllowHibernation=no
+ AllowHybridSleep=no
+ AllowSuspendThenHibernate=no
+ '';
+
+ boot.loader = {
+ grub.enable = false;
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = false;
+ };
+
+ time.timeZone = "America/Denver";
+
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ console = {
+ useXkbConfig = true; # Use xkb.options in tty.
+ };
+
+ hardware.nvidia.open = false;
+
+ services.xserver = {
+ # enable = true;
+ xkb = {
+ layout = "us";
+ options = "ctrl:swapcaps,compose:menu";
+ };
+ };
+
+ # Usually we try to delegate declarations of globally-available packages to
+ # separate modules. These are some exceptional essentials.
+ environment.systemPackages = [
+ pkgs.neovim
+ pkgs.git
+ sydnix-cli.packages.x86_64-linux.default
+ ];
+
+ services.openssh = {
+ enable = true;
+ settings.PermitRootLogin = "yes";
+ settings.X11Forwarding = true;
+ };
+
+ # TODO: Move to defaults.
+ users.mutableUsers = false;
+
+ nix = {
+ settings = {
+ allow-import-from-derivation = true;
+ trusted-users = [
+ "@wheel"
+ ];
+ substituters = [
+ "https://cache.deertopia.net"
+ "https://nix-community.cachix.org"
+ "https://cache.nixos.org"
+ "https://cache.iog.io"
+ ];
+ trusted-public-keys = [
+ (builtins.readFile ../../public-keys/deertopia-cache.pub.pem)
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ="
+ ];
+ };
+ };
+
+ security.pki.certificateFiles = [
+ ../../public-keys/lolc.at.crt
+ ];
+
+ # This option defines the first version of NixOS you have installed on this
+ # particular machine, and is used to maintain compatibility with application
+ # data (e.g. databases) created on older NixOS versions.
+ #
+ # Most users should NEVER change this value after the initial install, for any
+ # reason, even if you've upgraded your system to a new NixOS release.
+ #
+ # This value does NOT affect the Nixpkgs version your packages and OS are
+ # pulled from, so changing it will NOT upgrade your system - see
+ # https://nixos.org/manual/nixos/stable/#sec-upgrading for how to actually do
+ # that.
+ #
+ # This value being lower than the current NixOS release does NOT mean your
+ # system is out of date, out of support, or vulnerable.
+ #
+ # Do NOT change this value unless you have manually inspected all the changes
+ # it would make to your configuration, and migrated your data accordingly.
+ #
+ # For more information, see `man configuration.nix` or
+ # https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+ system.stateVersion = "25.05"; # Did you read the comment?
+}
diff --git a/hosts/fruitbook/disks.nix b/hosts/fruitbook/disks.nix
new file mode 100755
index 0000000..9d4f33a
--- /dev/null
+++ b/hosts/fruitbook/disks.nix
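Review bot: `settings.PermitRootLogin = "yes";` in the `services.openssh` block lets root log in over SSH with a password, and nothing in this hunk turns password authentication off, so the exposure on any network the laptop joins comes down to whatever password root has — the hunk does not show whether root has one at all, so how exploitable this is can only be inferred. The commit already ships an ed25519 public key for the user, so key-only access fits: `settings.PermitRootLogin = "prohibit-password";` and `settings.PasswordAuthentication = false;`, or `"no"` for root if only `crumb` ever needs SSH. `settings.X11Forwarding = true;` looks unneeded on a Wayland/niri host and is one more exposed feature to leave off. Separately, `trusted-users = [ "@wheel" ]` lets every wheel member set substituters and trusted keys on the daemon, which is root-equivalent on this machine; acceptable for a single-user laptop, but worth a one-line comment saying that is intended.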
@@ -0,0 +1,73 @@
+# sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode disko /persist/dots/hosts/nixos-testbed/disko-config.nix
+# time sudo nixos-install --flake /persist/dots#nixos-testbed
+{ lib, ... }:
+{
+ # imports = [ disko.nixosModules.disko ];
+ boot.initrd.supportedFilesystems.btrfs = true;
+ boot.supportedFilesystems.btrfs = true;
+
+ # From Impermanence's README: "Important note: Make sure your persistent
+ # volumes are marked with neededForBoot, otherwise you will run into
+ # problems."
+ fileSystems."/persist".neededForBoot = true;
+
+ disko.devices = {
+ disk = {
+ bootroot = {
+ type = "disk";
+ device = "/dev/disk/by-id/ata-APPLE_SSD_SM0512G_S29ANYAH526520-part4";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ root = {
+ size = "100%";
+ content = {
+ type = "btrfs";
+
+ mountpoint = "/partition-root";
+ swap.swapfile.size = "4G";
+
+ # Override existing partitions.
+ extraArgs = [ "-f" ];
+
+ # Subvolumes must set a mountpoint in order to be mounted,
+ # *unless their parent is mounted*.
+ subvolumes = {
+ # Subvolume names do not necessarily correspond to
+ # mountpoints, despite the structural resemblance to a file
+ # path.
+ "/rootfs" = {
+ mountpoint = "/";
+ };
+ "/nix" = {
+ mountpoint = "/nix";
+ };
+ "/persist" = {
+ mountpoint = "/persist";
+ };
+ "/persist/home" = {
+ mountpoint = "/persist/home";
+ };
+ "/swap" = {
+ mountpoint = "/.swapvol";
+ swap.swapfile.size = "4G";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/fruitbook/filesystems.nix b/hosts/fruitbook/filesystems.nix
new file mode 100644
index 0000000..f5ab04f
--- /dev/null
+++ b/hosts/fruitbook/filesystems.nix
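Review bot: disks.nix is not imported anywhere in this commit — configuration.nix imports only `./hardware.nix` and `./filesystems.nix`, and the `imports = [ disko.nixosModules.disko ];` line here is commented out — so the disko layout is inert, and it also disagrees with filesystems.nix: here `...-part4` carries a nested GPT with an ESP and a btrfs partition, while filesystems.nix mounts `...-part3` as `/boot` and `...-part5` as the btrfs root. The header comment still points at `/persist/dots/hosts/nixos-testbed/disko-config.nix` and `#nixos-testbed` rather than this host, and `swap.swapfile.size = "4G"` is declared twice, once on the btrfs `content` and again on the `/swap` subvolume, while hardware.nix sets `swapDevices = [ ];`, so which swap (if any) is intended is unclear. Either wire the file in and reconcile the partition numbers, or say at the top what it is for, e.g. `# Reference disko layout for reinstalls; not imported — live mounts are in ./filesystems.nix.`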
@@ -0,0 +1,20 @@
+{ ... }:
+
+let
+ device = "/dev/disk/by-id/ata-APPLE_SSD_SM0512G_S29ANYAH526520-part5";
+ subvol = subvol-name: {
+ inherit device;
+ fsType = "btrfs";
+ options = [ "subvol=${subvol-name}" ];
+ };
+in {
+ fileSystems = {
+ "/" = subvol "rootfs";
+ "/persist" = subvol "persist" // { neededForBoot = true; };
+ "/persist/home" = subvol "persist/home";
+ "/nix" = subvol "nix";
+ "/boot" = {
+ device = "/dev/disk/by-id/ata-APPLE_SSD_SM0512G_S29ANYAH526520-part3";
+ };
+ };
+}
diff --git a/hosts/fruitbook/hardware.nix b/hosts/fruitbook/hardware.nix
new file mode 100755
index 0000000..1c0ce26
--- /dev/null
+++ b/hosts/fruitbook/hardware.nix
@@ -0,0 +1,28 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/hardware/network/broadcom-43xx.nix")
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/fruitbook/system.nix b/hosts/fruitbook/system.nix
new file mode 100755
index 0000000..132026a
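Review bot: the `"/boot"` entry in filesystems.nix sets only `device`, so the ESP is mounted with no explicit `fsType` and default vfat options, whereas the disko layout in disks.nix mounts the same ESP with `umask=0077`; with vfat defaults the kernels and initrds under `/boot` are normally readable by every local user, though this hunk alone cannot confirm what the effective mount options end up being. Suggest `"/boot" = { device = "/dev/disk/by-id/ata-APPLE_SSD_SM0512G_S29ANYAH526520-part3"; fsType = "vfat"; options = [ "umask=0077" ]; };`. The SSD id `ata-APPLE_SSD_SM0512G_S29ANYAH526520` is also repeated here, in disks.nix and in `rollback.device` in configuration.nix, so a disk swap means three edits; one shared binding would keep them in step. hardware.nix in the same span is generated by nixos-generate-config and needs no review.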
--- /dev/null
+++ b/hosts/fruitbook/system.nix
@@ -0,0 +1 @@
+"x86_64-linux"
diff --git a/modules/nixos/wifi.nix b/modules/nixos/wifi.nix
new file mode 100644
index 0000000..5e6460c
--- /dev/null
+++ b/modules/nixos/wifi.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, lib, inputs, system, ... }:
+
+let cfg = config.sydnix.wifi;
+in {
+ options.sydnix.wifi = {
+ enable = lib.mkEnableOption "WiFi";
+ };
+
+ config = lib.mkIf cfg.enable {
+ networking.networkmanager.enable = true;
+ sydnix.impermanence.directories = [ "/etc/NetworkManager/system-connections" ];
+ };
+}
diff --git a/public-keys/ssh/msyds.pub b/public-keys/ssh/msyds.pub
new file mode 100644
index 0000000..2b09024
--- /dev/null
+++ b/public-keys/ssh/msyds.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAKAKil00TXWc2SzKnqblFeX0ald5EkT81ZSRv87UMpf crumb@fruitbook
diff --git a/users/crumb/default.nix b/users/crumb/default.nix
index a693039..04c99ef 100755
--- a/users/crumb/default.nix
+++ b/users/crumb/default.nix
@@ -3,7 +3,7 @@ isNormalUser = true;
 # TODO: Don't hard-code `persist`. Use
 # config.sydnix.impermanence.persistGroupName.
- extraGroups = [ "wheel" "persist" "input" ];
+ extraGroups = [ "wheel" "persist" "input" "networkmanager" ];
 initialHashedPassword = "$y$j9T$aEFDDwdTZbAc6VQRXrkBJ0$K8wxTGTWDihyX1wxJ.ZMH//wmQFfrGGUkLkxIU0Lyq8";
diff --git a/users/crumb/files.nix b/users/crumb/files.nix
index 9af09f7..1650f33 100755
--- a/users/crumb/files.nix
+++ b/users/crumb/files.nix
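Review bot: `networking.networkmanager.enable = true;` is gated on `lib.mkIf cfg.enable` in wifi.nix, but the `"networkmanager"` group is added to `extraGroups` unconditionally in users/crumb/default.nix; NixOS only creates that group when NetworkManager is enabled, so a host that leaves `sydnix.wifi.enable` off would put the user in a group that does not exist (as far as I recall NixOS reports this at activation rather than failing). Keeping the membership next to the switch that needs it — a `users.users.<name>.extraGroups = [ "networkmanager" ];` line inside the same `lib.mkIf` block, for the users the sydnix module already knows about — removes the coupling. The persisted directory deserves a why-comment, since it is where NetworkManager stores connection profiles including Wi-Fi pre-shared keys: `# Keep NM connection profiles (they contain Wi-Fi PSKs) across impermanence rollbacks.` The `pkgs`, `inputs` and `system` module arguments are unused in wifi.nix and the header can shrink to `{ config, lib, ... }:`.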
@@ -7,18 +7,26 @@ in lib.mkMerge [
 # find them) and ~/private-keys (where humans will find them). Remember
 # that private keys must always be linked with mutable symlinks as to not
 # copy them into the world-readable Nix store!!
+ # home.file.".ssh/id_ed25519".source =
+ # mutableSymlink "/persist/private-keys/ssh/crumb-at-nixos-testbed";
+ # home.file."private-keys/ssh/crumb-at-nixos-testbed".source =
+ # mutableSymlink "/persist/private-keys/ssh/crumb-at-nixos-testbed";
 home.file.".ssh/id_ed25519".source =
- mutableSymlink "/persist/private-keys/ssh/crumb-at-nixos-testbed";
- home.file."private-keys/ssh/crumb-at-nixos-testbed".source =
- mutableSymlink "/persist/private-keys/ssh/crumb-at-nixos-testbed";
+ mutableSymlink "/persist/private-keys/ssh/msyds";
+ home.file."private-keys/ssh/msyds".source =
+ mutableSymlink "/persist/private-keys/ssh/msyds";
 # Similarly, public keys are linked where SSH will find them as well as a
 # human-friendly ~/public-keys.
+ # home.file.".ssh/id_ed25519.pub".source =
+ # ../../public-keys/ssh/crumb-at-nixos-testbed.pub;
+ # home.file."public-keys/ssh/crumb-at-nixos-testbed".source =
+ # ../../public-keys/ssh/crumb-at-nixos-testbed.pub;
 home.file.".ssh/id_ed25519.pub".source =
- ../../public-keys/ssh/crumb-at-nixos-testbed.pub;
- home.file."public-keys/ssh/crumb-at-nixos-testbed".source =
- ../../public-keys/ssh/crumb-at-nixos-testbed.pub;
+ ../../public-keys/ssh/msyds.pub;
+ home.file."public-keys/ssh/msyds".source =
+ ../../public-keys/ssh/msyds.pub;
 }
 {